Set the permissions on the database username / password as tightly as possible. If you are displaying data, there is no need for the user to have insert or update permissions into the database. One solution is to have two usernames / passwords. One would have select permissions, and would be used only for display.

The other would have select, insert and update permissions used only for forms that require data to be stored in the database.

Test all data input

All form data and all URL query strings should be tested before they are used.

For example, if you are passing data using a query string, any record IDs are usually integers, so test that they are actually integer values with a function such as IsNumeric in classic ASP (or the equivalent integer check in PHP).

Use correct data types and data sizes in the database

This means that if you have a column which holds a person's name, the data type size only needs to be 40 characters.

There is no need to have a data size any larger than required.

Convert text to HTML

Before storing text in a database, convert it into HTML. This will change inputs such as the JavaScript <script> tag into its HTML equivalent, which cannot be executed on a web page.

Filter out any characters that may cause issues and are not required.

Use parameterized queries

If you use parameterized queries for the connection to the database, you eliminate string concatenation. You should always use parameterized queries rather than constructing the SQL by hand from user input.

Check characters, particularly with username / password

If an entry is a username, it normally does not require any characters other than a to z and 0 to 9, and it only needs to be, say, 8 characters long.
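The following is an added example, not code from the PHP-eSeller, PHP-SecureArea or PHP-KeyCodes products, showing the checks above (integer IDs from the query string, a restricted username character set, converting text to HTML, a select-only account for display pages and a parameterized query instead of concatenated SQL) in PHP with PDO. The table name, DSN and credentials are assumptions.

```php
<?php
// Added example (not code from the withinweb products). Table name, column
// names, DSN and credentials are assumptions; passwords are placeholders.
declare(strict_types=1);

// Select-only account for display pages, as recommended above; a separate
// read/write account would be used only by forms that store data.
function dbReadOnly(): PDO {
    return new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4',
        'shop_ro', 'PLACEHOLDER_RO_PASSWORD',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
         PDO::ATTR_EMULATE_PREPARES => false]);   // real server-side prepares
}

// A record id from a query string must be a positive integer. FILTER_VALIDATE_INT
// rejects "12abc", "1e3" and "1 OR 1=1", whereas is_numeric() accepts "1e3".
function validId(string $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// A username: only a-z and 0-9, and at most 8 characters, as described above.
function validUsername(string $raw): bool {
    return preg_match('/^[a-z0-9]{1,8}$/', $raw) === 1;
}

// Convert text to its HTML equivalent, so "<script>" becomes "&lt;script&gt;"
// and cannot execute; apply it to anything echoed into a page.
function toHtml(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Display page: the id is bound as a parameter, never concatenated into the SQL,
// so the statement the server parses is the same regardless of the input.
function fetchProduct(PDO $db, int $id): ?array {
    $stmt = $db->prepare('SELECT id, name, price FROM ipn_products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$id = validId($_GET['id'] ?? '');
if ($id === null) {
    http_response_code(400);
    exit('Invalid record id');
}
$product = fetchProduct(dbReadOnly(), $id);
echo $product === null ? 'Not found' : toHtml($product['name']);
```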

This description is applicable to all the applications: PHP-eSeller, PHP-SecureArea and PHP-KeyCodes.

You should back up your database at regular intervals. You will then be able to restore the database if something goes wrong.

phpMyAdmin is the name of the program that you can use to manipulate databases. It is usually provided as part of your control panel from your hosting company.

1. Log into your web server control panel to access phpMyAdmin

2. Select ‘Databases’

3. Now click the name of your database.

4. The next screen will show you all the tables inside your database. Click the ‘Export’ tab on the top set of tabs.

5. Look at the left box at the top of the Export section. All the tables in the database you selected are in that box.

* If you have other programs that use the database, then choose only those tables that correspond to your install. In the case of PHP-eSeller, they will be the ones that start with “ipn_”; with PHP-SecureArea they are the ones that start with “sec_”; and with PHP-KeyCodes, they are the ones that start with “key_”.
* If the database is being used only by the one program, then, leave it as is (or click ‘Select All’ if you changed the selection)
* Ensure that SQL is checked.

Once you’re in the “hosting control center”, click on “mysql” from the “databases” dropdown menu.

Click the “create database” button.

Choose MySQL version 4 or 5, and then enter a description (can be anything), a database/user name (must be unique, or you’ll have to try again), and a password (must use at least one capital letter and a number).

(NOTE: you may have to wait 5-10 minutes while the database is set up.)

Click the little pencil icon to edit/view the database details.

Write down or copy the “Host Name:”; this will go in the wp-config.php file in place of “localhost”.

In your web browser, go to the installation script install.php and fill in the details:

This tutorial will take you step-by-step through the process of creating a database for use with withinweb applications using CPanel.

First, log in to your cPanel control panel.

You should see a large number of icons, one of which will be MySQL Database.

Click on this and you will be taken to the MySQL Account Maintenance page. You may also see other database details listed if you have created other databases before.

Add User

You need to first add a user name and a password.

Click the Add User button.

Note that your host will usually add a prefix to the user name, so this will become something like wptemp_Podz.

Create your database

You should now be looking at the screen below. Note that you – the User – are listed in a box at the top, and also below the line too.

Enter the name of the database where the database name is listed. Then click Add Db.

The database is now created.

Allocate the user to the database

The two pieces of information you just added are now here on this screen: the user name and the database name.

If you have other databases and users, the whole screen may look different, but this small part will look the same.

Look at the two drop-down boxes.

The User box MUST contain the name that you added first above. (Note that for each name you put in, cPanel has added a prefix.) If you need to, click the drop-down to get the name you added to appear in the left-hand box. The same applies to the database: get the name of the database in the box too.

When finished, click the button that says Add User to Db.

This is REALLY important – nothing will work unless you click that button.

You should see this.

At this point you have created the database, created a user and allocated the user to the database.

You can now create the tables using the install.php script supplied with the zip file.

You will need to have the following information available:

database name
database username
database password
database host (usually localhost, but refer to your host's documentation if you are not sure)

When you run the install.php file in your browser you will be presented with boxes as follows: